Legal claims defining the scope of protection, as filed with the USPTO.
1. A vehicle unit for controlling vehicle functions, comprising: a microprocessor (20); and a memory (10), connected to the microprocessor, on which a main operating system is implemented, the main operating system forming an interface between hardware and application programs and user interactions, wherein the microprocessor is configured in a microkernel architecture with separate partitions for a main operating system unit (1), a cryptographic unit (4) and a supervision unit (2), wherein the main operating system is configured in the main operating system unit (1), software certificates are stored in the cryptographic unit (4), and a verification program, configured to verify certificates and software packages being set up in the cryptographic unit (4), and a monitoring program, configured to monitor the function of the other partitions of the microkernel architecture, are provided in the supervision unit (2), and wherein the supervision unit (2) is configured to initiate a recovery method for the partition with the main operating system, in the event of an error in the main operating system, using the monitoring program.
2. The vehicle unit as claimed in claim 1, wherein the partition with the main operating system unit (1) is configured to be changeable by an end user.
3. The vehicle unit as claimed in claim 2, wherein partitions other than the partition with the main operating system unit (1) of the microkernel architecture in the microprocessor are configured not to be changeable by the end user.
4. The vehicle unit as claimed in claim 1, wherein the cryptographic unit (4) is configured to decrypt and/or verify software to be installed in the vehicle unit in packages using the verification program.
5. The vehicle unit as claimed in claim 1, wherein the microkernel architecture is in the form of a separation kernel with a separate partition for a policy unit (3), the policy unit (3) being configured to monitor communication between the individual partitions of the microkernel architecture.
6. A method for operating the vehicle unit with a microprocessor as claimed in claim 1, on which a microkernel architecture with separate partitions for a main operating system unit (1), a cryptographic unit (4) and a supervision unit (2) has been set up, the main operating system being set up in the main operating system unit (1), software certificates being stored in the cryptographic unit (4) and a verification program for verifying certificates and complete software packages being set up in the cryptographic unit (4), and a monitoring program for monitoring the function of the other partitions of the microkernel architecture being provided in the supervision unit (2), the method comprising the monitoring program in the supervision unit (2): monitoring the main operating system during starting and/or operation; and initiating a recovery method for the partition with the main operating system in the event of an error in the main operating system, using the monitoring program.
7. The method as claimed in claim 6, wherein a determination of deviations during starting and/or operation of the main operating system is made based upon a monitoring of a typical start time for a user interface, the computation time of the microprocessor used by the main operating system and/or the storage space requirement used by the main operating system.
8. The method as claimed in claim 6, wherein, during the recovery method, the partition with the main operating system unit is switched off and is unloaded from the microkernel architecture.
9. The method as claimed in claim 6, wherein, during the recovery method, a backup image of the partition for the main operating system stored in the vehicle unit is written back.
10. The method as claimed in claim 6, wherein, during the recovery method, a user-interactive download of a current main operating system version is carried out, the current main operating system version being read in, in particular via an external storage medium, and being installed in the partition for the main operating system.
11. The method as claimed in claim 6, wherein the cryptographic unit (4) carries out a check before or during the installation of the main operating system.
12. A non-transitory computer-readable medium storing computer program code that, when executed by the computation unit, causes the vehicle unit to perform the method as claimed in claim 6.
December 8, 2015